You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Anshaj Mathur <an...@gmail.com> on 2005/02/03 12:05:01 UTC
Accessing static variable from different webapps
Dear group,
I have public class which contains a static
variable type integer. I am running different webapps
inside single instance of tomcat. I initiated this
class in different webapps. I increased the count from
a webapp and tried to see it from different webapp. I
found that count was not increased in other webapp. It
was showing the original count.
Am I braking any laws of tomcat security.
Thanks for your suggestions.
Regards,
Anshaj
--
v1.2a r TW 0/0/ FD + 0 DSotM 3 100 21.3% <3jan5>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Accessing static variable from different webapps
Posted by Tim Funk <fu...@joedog.org>.
Wrong. Static variables are per *classloader*, not per JVM.
-Tim
Anshaj Mathur wrote:
> Thanks for your reply. I think JVM rules said that there should be 1
> reference per JVM for a static variable. Tomcat class loader creates
> separate instance of a static variable for each webapps. I am just
> trying to understand how class loader works in tomcat.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Security Questions
Posted by Luke <lu...@lukeshannon.com>.
Hello;
When creating a realm does the table name have to be 'user'?
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/tomcatusers?user=dbUser&password=d
bUser"
userTable="tomcatusers" userNameCol="user_name"
userCredCol="user_pass" userRoleTable="user_roles"
roleNameCol="role_name" />
With this realm I get a 403, but no login prompt. Before I go through with
recreating the DB and the users I wanted to be sure this was the problem.
Also, the web.xml in my projects WEB-INF contains the following:
<!-- security -->
<security-constraint>
<web-resource-collection>
<web-resource-name>fw</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</security-constraint>
Right now I don't want any one to use a servlet that is not authorized
first. What I was expecting was a standard login prompt with the basic (just
getting a 403 as discribed above). However, once I got BASIC working I
wanted to shift to a custom form login:
<login-config>
<auth-method>FORM</auth-method>
<form-login-page>/loginpage.html</form-login-page>
<form-error-page>/loginpage.html</form-error-page>
</login-config>
Can I do this with the url-pattern of *.do? Or do I need to put an actual
directory? The reason I ask is how will Tomcat find the login pages?
My last question is about this:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Is it a good idea to have this? I understand it encrypts all data that is
sent to the server. It seems to me that no system should be without. But I
wanted to check with someone more experienced first whether there were
concerns or limitations I am unaware off.
Thanks,
Luke
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Accessing static variable from different webapps
Posted by Anshaj Mathur <an...@gmail.com>.
Thanks a lot for helping me understand all this concepts about
classloading. I found a pretty good article on class loading in java.
http://www.onjava.com/pub/a/onjava/2005/01/26/classloading.html
Thanks,
Anshaj
On Thu, 03 Feb 2005 22:25:53 +0100, Mario Winterer
<ma...@eduhi.at> wrote:
> For more information on tomcat's classloading concept have a look at:
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/class-loader-howto.html
>
> As you can see there, Tomcat instantiates a classloader for each web
> application. So if you put a class - let's say "Global" - inside the
> "WEB-INF/classes" directory of each of two of your web applications, it
> will be loaded twice. As a fact, a static variable of the "Global" class
> - let's say Global.myVar - will exist twice too!
> But if you put your "Global" class into the %TOMCAT_HOME%/shared/classes
> directory ONLY (important: you must remove all occurences of your
> "Global" class from the webapps-classes directories to make this work!),
> it will be loaded by the "shared"-classloader. Because of the fact that
> the shared classloader is the parent classloader of all
> webapp-classloaders, every web-application can access the classes loaded
> by the shared classloader.
>
> But holding resources in static variables inside the shared/classes
> directory there is not recommmended! Better add a JNDI-resource to your
> Tomcat's JNDI-context! This is done in server.xml inside the
> <GlobalNamingResources>-element* *(see
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html).
>
> Best regards,
> Tex
>
>
> >Thanks for your reply. I think JVM rules said that there should be 1
> >reference per JVM for a static variable. Tomcat class loader creates
> >separate instance of a static variable for each webapps. I am just
> >trying to understand how class loader works in tomcat.
> >
> >Thanks,
> >Anshaj
> >
> >
> >On Thu, 03 Feb 2005 06:41:29 -0500, Tim Funk <fu...@joedog.org> wrote:
> >
> >
> >>Put the class in the common or shared classloader.
> >>
> >>-Tim
> >>
> >>Anshaj Mathur wrote:
> >>
> >>
> >>
> >>>Dear group,
> >>>
> >>> I have public class which contains a static
> >>>variable type integer. I am running different webapps
> >>>inside single instance of tomcat. I initiated this
> >>>class in different webapps. I increased the count from
> >>>a webapp and tried to see it from different webapp. I
> >>>found that count was not increased in other webapp. It
> >>>was showing the original count.
> >>>Am I braking any laws of tomcat security.
> >>>
> >>>
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >>
> >>
> >>
> >>
> >
> >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
v1.2a r TW 0/0/ FD + 0 DSotM 3 100 21.3% <3jan5>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Accessing static variable from different webapps
Posted by Mario Winterer <ma...@eduhi.at>.
For more information on tomcat's classloading concept have a look at:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/class-loader-howto.html
As you can see there, Tomcat instantiates a classloader for each web
application. So if you put a class - let's say "Global" - inside the
"WEB-INF/classes" directory of each of two of your web applications, it
will be loaded twice. As a fact, a static variable of the "Global" class
- let's say Global.myVar - will exist twice too!
But if you put your "Global" class into the %TOMCAT_HOME%/shared/classes
directory ONLY (important: you must remove all occurences of your
"Global" class from the webapps-classes directories to make this work!),
it will be loaded by the "shared"-classloader. Because of the fact that
the shared classloader is the parent classloader of all
webapp-classloaders, every web-application can access the classes loaded
by the shared classloader.
But holding resources in static variables inside the shared/classes
directory there is not recommmended! Better add a JNDI-resource to your
Tomcat's JNDI-context! This is done in server.xml inside the
<GlobalNamingResources>-element* *(see
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html).
Best regards,
Tex
>Thanks for your reply. I think JVM rules said that there should be 1
>reference per JVM for a static variable. Tomcat class loader creates
>separate instance of a static variable for each webapps. I am just
>trying to understand how class loader works in tomcat.
>
>Thanks,
>Anshaj
>
>
>On Thu, 03 Feb 2005 06:41:29 -0500, Tim Funk <fu...@joedog.org> wrote:
>
>
>>Put the class in the common or shared classloader.
>>
>>-Tim
>>
>>Anshaj Mathur wrote:
>>
>>
>>
>>>Dear group,
>>>
>>> I have public class which contains a static
>>>variable type integer. I am running different webapps
>>>inside single instance of tomcat. I initiated this
>>>class in different webapps. I increased the count from
>>>a webapp and tried to see it from different webapp. I
>>>found that count was not increased in other webapp. It
>>>was showing the original count.
>>>Am I braking any laws of tomcat security.
>>>
>>>
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Accessing static variable from different webapps
Posted by Anshaj Mathur <an...@gmail.com>.
Thanks for your reply. I think JVM rules said that there should be 1
reference per JVM for a static variable. Tomcat class loader creates
separate instance of a static variable for each webapps. I am just
trying to understand how class loader works in tomcat.
Thanks,
Anshaj
On Thu, 03 Feb 2005 06:41:29 -0500, Tim Funk <fu...@joedog.org> wrote:
> Put the class in the common or shared classloader.
>
> -Tim
>
> Anshaj Mathur wrote:
>
> > Dear group,
> >
> > I have public class which contains a static
> > variable type integer. I am running different webapps
> > inside single instance of tomcat. I initiated this
> > class in different webapps. I increased the count from
> > a webapp and tried to see it from different webapp. I
> > found that count was not increased in other webapp. It
> > was showing the original count.
> > Am I braking any laws of tomcat security.
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
v1.2a r TW 0/0/ FD + 0 DSotM 3 100 21.3% <3jan5>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Accessing static variable from different webapps
Posted by Tim Funk <fu...@joedog.org>.
Put the class in the common or shared classloader.
-Tim
Anshaj Mathur wrote:
> Dear group,
>
> I have public class which contains a static
> variable type integer. I am running different webapps
> inside single instance of tomcat. I initiated this
> class in different webapps. I increased the count from
> a webapp and tried to see it from different webapp. I
> found that count was not increased in other webapp. It
> was showing the original count.
> Am I braking any laws of tomcat security.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org